Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-29078

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-27 May, 2024 | 23:52
Updated At-28 Mar, 2025 | 19:17
Rejected At-
Credits

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:27 May, 2024 | 23:52
Updated At:28 Mar, 2025 | 19:17
Rejected At:
▼CVE Numbering Authority (CNA)

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.

Affected Products
Vendor
esMind, LLC
Product
MosP kintai kanri
Versions
Affected
  • V4.6.6 and earlier
Problem Types
TypeCWE IDDescription
textN/AIncorrect Permission Assignment for Critical Resource
Type: text
CWE ID: N/A
Description: Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.e-s-mind.com/2024-02-20/
N/A
https://jvn.jp/en/jp/JVN97751842/
N/A
Hyperlink: https://www.e-s-mind.com/2024-02-20/
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN97751842/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.e-s-mind.com/2024-02-20/
x_transferred
https://jvn.jp/en/jp/JVN97751842/
x_transferred
Hyperlink: https://www.e-s-mind.com/2024-02-20/
Resource:
x_transferred
Hyperlink: https://jvn.jp/en/jp/JVN97751842/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-732CWE-732 Incorrect Permission Assignment for Critical Resource
Type: CWE
CWE ID: CWE-732
Description: CWE-732 Incorrect Permission Assignment for Critical Resource
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:28 May, 2024 | 00:15
Updated At:28 Mar, 2025 | 20:15

Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-732Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-732
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://jvn.jp/en/jp/JVN97751842/vultures@jpcert.or.jp
N/A
https://www.e-s-mind.com/2024-02-20/vultures@jpcert.or.jp
N/A
https://jvn.jp/en/jp/JVN97751842/af854a3a-2127-422b-91ae-364da2661108
N/A
https://www.e-s-mind.com/2024-02-20/af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: https://jvn.jp/en/jp/JVN97751842/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://www.e-s-mind.com/2024-02-20/
Source: vultures@jpcert.or.jp
Resource: N/A
Hyperlink: https://jvn.jp/en/jp/JVN97751842/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://www.e-s-mind.com/2024-02-20/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2021-31902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.00% / 0.06%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 11:38
Updated-03 Aug, 2024 | 23:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In JetBrains YouTrack before 2020.6.6600, access control during the exporting of issues was implemented improperly.

Action-Not Available
Vendor-n/aJetBrains s.r.o.
Product-youtrackn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-12441
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-10 Mar, 2020 | 14:36
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 8.4 through 11.11. The protected branches feature contained a access control issue which resulted in a bypass of the protected branches restriction rules. It has Incorrect Access Control.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-11270
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.3||HIGH
EPSS-0.23% / 45.58%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 16:21
Updated-17 Sep, 2024 | 04:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UAA clients.write vulnerability

Cloud Foundry UAA versions prior to v73.4.0 contain a vulnerability where a malicious client possessing the 'clients.write' authority or scope can bypass the restrictions imposed on clients created via 'clients.write' and create clients with arbitrary scopes that the creator does not possess.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Cloud Foundry
Product-cloud_foundry_uaaoperations_managerapplication_serviceUAA Release (OSS)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2024-8900
Matching Score-4
Assigner-Mozilla Corporation
ShareView Details
Matching Score-4
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.03%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 18:14
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxThunderbirdFirefox ESRFirefox
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-5077
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-7.6||HIGH
EPSS-0.14% / 33.95%
||
7 Day CHG~0.00%
Published-28 Sep, 2023 | 23:24
Updated-26 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-vaultVault EnterpriseVaultvault
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2022-42949
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.68%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.

Action-Not Available
Vendor-n/aSilverstripe
Product-subsitesn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-27568
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.31% / 53.49%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 21:16
Updated-04 Aug, 2024 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security.

Action-Not Available
Vendor-n/aAviatrix Systems, Inc.
Product-controllern/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2019-11528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.21% / 42.97%
||
7 Day CHG~0.00%
Published-10 Oct, 2019 | 19:30
Updated-04 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Softing uaGate SI 1.60.01. A system default path for executables is user writable.

Action-Not Available
Vendor-softingn/a
Product-uagate_si_firmwareuagate_sin/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 56.36%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 11:00
Updated-05 Aug, 2024 | 08:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI.

Action-Not Available
Vendor-vertivn/a
Product-liebert_intellislot_firmwareliebert_intellislotn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-13915
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.86%
||
7 Day CHG~0.00%
Published-28 Jul, 2020 | 14:46
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.

Action-Not Available
Vendor-ruckuswirelessn/a
Product-h320r610t310cr720t301ne510r320t610t310dr310r500c110m510h510t301st710sr750r510r600t300t710t310nr710unleashed_firmwaret310sn/a
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2023-31453
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.36%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 13:25
Updated-11 Oct, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: IDOR make users can delete others' subscription

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/7949 https://github.com/apache/inlong/pull/7949

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-31454
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.79%
||
7 Day CHG~0.00%
Published-22 May, 2023 | 13:23
Updated-09 Oct, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache InLong: IDOR make users can bind any cluster

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  The attacker can bind any cluster, even if he is not the cluster owner. Users are advised to upgrade to Apache InLong's 1.7.0 or cherry-pick [1] to solve it.[1] https://github.com/apache/inlong/pull/7947 https://github.com/apache/inlong/pull/7947

Action-Not Available
Vendor-The Apache Software Foundation
Product-inlongApache InLonginlong
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
Details not found